Hacker Chose $2M bug bounty over unlimited ‘Ether’

News February 16th 2022

A ‘grey-hat’ hacker made a stylish move by choosing a $2M bug bounty.

The hacker figured out a way to trick the Ethereum scaling solution Optimism into effectively printing unlimited Ether. The incident took place earlier this month.

Jay Freeman, a software engineer (who uses the online name Saurik), didn’t make a huge amount by exploiting the bug. Instead, he reported the issue to Optimism’s dev team, who in return paid him a $2 million bug bounty.

Freeman is well known for his work on Cydia, an app store for jailbroken iPhones. Recently, he took a keen interest in blockchain and has been looking for bugs in it.

As per the breakdown on Jay’s website, he found a glitch while he was looking into so-called “nano payment protocols.”

One of these protocols is Optimism. It allows users to send small amounts of crypto with very low transaction fees, although with security tradeoffs.

Like blockchain bridges such as Wormhole, the platform has alternative Ether tokens that exist only on Optimism’s network.

Users first lock their ETH inside a smart contract as collateral to receive these tokens, which effectively double as IOUs. The tokens can be transacted more quickly and cheaply than on-chain transactions. This makes Optimism a potential “layer 2” (L2) solution for scaling Ethereum.

If Optimism users wish to cash out their IOUs, they must wait one week before their “real” Ether is released.


Printing Fake Ether for Real Ether by Hackers Is Dangerous:

Freeman discovered a glitch in one part of the Optimism code, the part that instructs a smart contract to delete itself and, in return, give the related Ether to the sender.

The “SELFDESTRUCT” function on Optimism returned crypto to the sender but kept related off-chain Ether IOUs.

This could easily have been used to trick smart contracts into looping through the glitch.

The Ether created by the bug was counterfeit, but Freeman suggested it could wreak havoc on the crypto ecosystem.
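The flaw described above, reduced to a toy ledger in Python as an added illustration (not Optimism’s code and not taken from Freeman’s write-up); the class, account names and amounts are hypothetical. It shows how a self-destruct that pays out without clearing the contract’s balance breaks the rule that IOUs in circulation equal locked collateral, which is a rule a monitor can check.

```python
class ToyLedger:
    """IOU balances backed 1:1 by locked collateral (hypothetical toy model)."""

    def __init__(self, patched):
        self.patched = patched
        self.balances = {}  # account -> IOU balance
        self.locked = 0     # collateral backing all IOUs

    def deposit(self, account, amount):
        # Locking collateral mints the same amount of IOUs.
        self.locked += amount
        self.balances[account] = self.balances.get(account, 0) + amount

    def transfer(self, src, dst, amount):
        if amount < 0 or self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] = self.balances.get(src, 0) - amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def selfdestruct(self, contract, beneficiary):
        amount = self.balances.get(contract, 0)
        if self.patched:
            # Correct behaviour: the destroyed contract's balance is cleared.
            self.balances[contract] = 0
        # In the flawed variant the payout below still happens while the
        # contract keeps its IOUs, so the same value now exists twice.
        self.balances[beneficiary] = self.balances.get(beneficiary, 0) + amount

    def supply_ok(self):
        # Invariant: IOUs in circulation must equal locked collateral.
        return sum(self.balances.values()) == self.locked


def run(patched, rounds=3):
    """Repeat deposit-into-contract and self-destruct; return (supply, invariant holds)."""
    ledger = ToyLedger(patched)
    ledger.deposit("user", 10)  # constructed sample amount
    for _ in range(rounds):
        ledger.transfer("user", "contract", ledger.balances["user"])
        ledger.selfdestruct("contract", "user")
    return sum(ledger.balances.values()), ledger.supply_ok()


if __name__ == "__main__":
    print("flawed :", run(patched=False))
    print("patched:", run(patched=True))
```

In the flawed variant the total supply doubles on every round while the locked collateral stays at 10, so the invariant check fails after the first self-destruct.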

These security bugs are also known as overflow bugs.

